This is the mail archive of the ecos-bugs@sourceware.org mailing list for the eCos project.
[Bug 1000376] ATHTTPD security Authorization parse can overrun memory
- From: bugzilla-daemon at ecoscentric dot com
- To: ecos-bugs at sources dot redhat dot com
- Date: Fri, 15 Jun 2007 21:36:58 +0100 (BST)
- Subject: [Bug 1000376] ATHTTPD security Authorization parse can overrun memory
https://bugzilla.ecoscentric.com/show_bug.cgi?id=1000376
------- Additional Comments From bugzilla_rmvthis@ds3switch.com 2007-06-15 21:36 -------
> I will stop when a '\r', a '\n' or a ' ' is found. Isn't it
> correct to assume that one of those three characters will always
> terminate the argument to the "Basic" header?
I think it's a bit optimistic to expect that a browser, net-stacks and the bored Chinese teenager will always end with a character we expect.
> brings up another problem which I did not think about before:... Should we
> decree that the total, encoded
> length of the login/password string can never be more than 32
> characters
Have no idea, but seems like encoded pwd/name could go to >32 so maybe that unless it's a hassle.
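The two points raised in the comment above (a terminator that never arrives, and an encoded credential longer than the destination buffer) can both be handled by bounding the scan on the received length and on the buffer size. The following is an added example, not code from ATHTTPD or from this bug report; the function name, parameters and sample inputs are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Added example: names and sizes are hypothetical, not ATHTTPD code.
 * Copies the credential token that follows "Basic " into out.
 * The scan is bounded by the number of bytes actually received (len)
 * and by the destination size, so a missing '\r', '\n' or ' '
 * terminator cannot push the read or the write past either buffer.
 * Returns the token length, or -1 if the token is empty or too long. */
static int copy_basic_token(const char *val, size_t len,
                            char *out, size_t out_size)
{
    size_t n = 0;

    if (out_size == 0)
        return -1;
    out[0] = '\0';

    while (n < len) {
        char c = val[n];
        if (c == '\r' || c == '\n' || c == ' ' || c == '\0')
            break;                      /* normal end of token */
        if (n + 1 >= out_size) {        /* no room for byte + NUL */
            out[0] = '\0';
            return -1;                  /* reject, do not truncate */
        }
        out[n++] = c;
    }
    out[n] = '\0';
    return n > 0 ? (int)n : -1;
}
```

Rejecting an overlong token instead of truncating it keeps a clipped credential from ever reaching the base64 decoder or the password comparison.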